Hello,
I also have this problem with the virus from FB. I used the OTL program, but I don't really know what to do next??
HELP
OTL TXT http://wklej.to/0Xtll
OTL EXTRAS http://wklej.to/RUMRa
Please help quickly.
Paste the following into the scan options box and click Run Fix:
:OTL
PRC - [2011-08-23 13:59:38 | 000,273,920 | ---- | M] () -- C:\WINDOWS\update.3\svchost.exe
PRC - [2011-08-23 13:59:16 | 000,635,904 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011-08-23 13:59:16 | 000,635,904 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
PRC - [2011-08-22 14:50:05 | 000,137,728 | ---- | M] () -- C:\WINDOWS\systemup.exe
PRC - [2011-08-21 22:51:20 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
PRC - [2011-08-21 22:50:51 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011-08-21 22:50:51 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
PRC - [2011-08-20 22:40:20 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe
PRC - [2011-08-20 22:38:16 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
PRC - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () -- C:\WINDOWS\update.tray-7-0\svchost.exe
PRC - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () -- C:\WINDOWS\update.tray-0-0\svchost.exe
PRC - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
PRC - [2011-06-29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\WINDOWS\ufa\ufa.exe
MOD - [2011-08-23 13:59:38 | 000,273,920 | ---- | M] () -- C:\WINDOWS\update.3\svchost.exe
MOD - [2011-08-23 13:59:16 | 000,635,904 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011-08-22 14:50:05 | 000,137,728 | ---- | M] () -- C:\WINDOWS\systemup.exe
MOD - [2011-08-21 22:51:20 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
MOD - [2011-08-21 22:50:51 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011-08-20 22:40:20 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe
MOD - [2011-08-20 22:38:16 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () -- C:\WINDOWS\update.tray-7-0\svchost.exe
MOD - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () -- C:\WINDOWS\update.tray-0-0\svchost.exe
MOD - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (AVP)
SRV - [2011-08-23 13:59:16 | 000,635,904 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011-08-21 22:50:51 | 000,355,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011-08-20 22:40:20 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011-08-20 22:38:16 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [1332904.exe] C:\Documents and Settings\S\Ustawienia lokalne\Temp\1332904.exe ()
O4 - HKLM..\Run: [1488336.exe] C:\WINDOWS\TEMP\1488336.exe ()
O4 - HKLM..\Run: [27323757-loader2.exe] C:\WINDOWS\TEMP\27323757-loader2.exe ()
O4 - HKLM..\Run: [4654304.exe] C:\WINDOWS\TEMP\4654304.exe ()
O4 - HKLM..\Run: [7170292.exe] C:\Documents and Settings\S\Ustawienia lokalne\Temp\7170292.exe ()
O4 - HKLM..\Run: [8592862.exe] C:\WINDOWS\TEMP\8592862.exe ()
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [AVP] File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] C:\WINDOWS\update.tray-0-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [w_distrib.exe] C:\WINDOWS\update.3\svchost.exe ()
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
[2011-08-22 23:24:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-0-0-lnk
[2011-08-22 23:24:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-0-0
[2011-08-22 22:47:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011-08-22 22:47:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011-08-21 14:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-21 14:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011-08-21 14:10:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-08-20 22:43:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011-08-20 22:42:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.3
[2011-08-20 22:41:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011-08-20 22:40:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1
[2011-08-20 22:37:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-08-23 13:59:39 | 000,000,224 | ---- | M] () -- C:\WINDOWS\info1
[2011-08-23 13:56:05 | 003,208,224 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-005A1102}.CDF
[2011-08-23 13:55:00 | 000,023,712 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-005A1102}.rfx
[2011-08-23 13:55:00 | 000,023,712 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-005A1102}.rfx
[2011-08-23 13:55:00 | 000,018,792 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-005A1102}.rfx
[2011-08-23 13:55:00 | 000,018,792 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-005A1102}.rfx
[2011-08-23 13:55:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011-08-23 13:55:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011-08-23 13:55:00 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-005A1102}.dat
[2011-08-23 13:55:00 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-005A1102}.dat
[2011-08-23 13:54:47 | 003,208,224 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-005A1102}.BAK
[2011-08-22 14:50:05 | 000,137,728 | ---- | M] () -- C:\WINDOWS\systemup.exe
[2011-08-21 22:51:20 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011-08-21 14:10:08 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-21 14:10:08 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-08-21 14:10:08 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-08-21 14:10:07 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-08-20 22:40:36 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011-08-20 22:38:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-20 22:38:16 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011-08-20 22:38:16 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011-08-20 22:37:32 | 001,182,208 | ---- | M] () -- C:\WINDOWS\services32.exe
[2011-08-23 13:54:47 | 003,208,224 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-005A1102}.BAK
[2011-08-22 09:02:18 | 000,137,728 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011-08-21 22:51:24 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011-08-21 14:10:08 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011-08-21 14:10:08 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011-08-21 14:10:07 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011-08-20 22:40:38 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011-08-20 22:40:36 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011-08-20 22:40:36 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011-08-20 22:40:21 | 000,000,224 | ---- | C] () -- C:\WINDOWS\info1
[2011-08-20 22:38:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-20 22:38:22 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32_.exe
[2011-08-20 22:38:08 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2011-08-20 22:37:44 | 001,182,208 | ---- | C] () -- C:\WINDOWS\services32.exe
[2011-07-15 22:47:40 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\S\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-05-25 19:54:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-00000008-00001102-00000004-005A1102}.dat
[2011-05-25 19:54:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-005A1102}.dat
[2011-05-25 19:47:21 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
:Commands
[RESETHOSTS]
[emptytemp]
Then run the scan again and paste the result on the forum.
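Editorial example, added here and not part of any forum post or of OTL itself: a small Python triage pass over OTL-style lines that flags two patterns visible in the script above, a Windows system process name running from outside System32 and a Run entry launching from a Temp directory. The rule sets, the C: install drive and the last sample line are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname

# Constructed sample: five lines in the shape of the script above, plus one
# made-up benign entry (last line) for contrast.
SAMPLE = r"""PRC - [2011-08-23 13:59:38 | 000,273,920 | ---- | M] () -- C:\WINDOWS\update.3\svchost.exe
PRC - [2011-06-29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\WINDOWS\ufa\ufa.exe
SRV - [2011-08-20 22:37:32 | 001,182,208 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
O4 - HKLM..\Run: [1488336.exe] C:\WINDOWS\TEMP\1488336.exe ()
O4 - HKLM..\Run: [avast] File not found
PRC - [2011-01-01 10:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
"""

# Assumption: Windows lives on C: and these are the only legitimate locations.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Assumption: a short illustrative list of names malware likes to borrow.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe"}
KIND_RE = re.compile(r"^(PRC|MOD|SRV|O4)\b")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.exe\b", re.IGNORECASE)


def triage(log_text):
    """Return (section, path, reasons) for every line that trips a rule."""
    findings = []
    for line in log_text.splitlines():
        kind = KIND_RE.match(line)
        path = PATH_RE.search(line)
        if not kind or not path:
            continue  # header, "File not found" entry, or non-executable line
        exe = path.group(0)
        folder = dirname(exe).lower()
        reasons = []
        if basename(exe).lower() in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
            reasons.append("system process name outside System32")
        if kind.group(1) == "O4" and folder.split("\\")[-1] == "temp":
            reasons.append("autorun from a Temp directory")
        if reasons:
            findings.append((kind.group(1), exe, reasons))
    return findings


if __name__ == "__main__":
    for section, exe, reasons in triage(SAMPLE):
        print(f"{section:3} {exe}: {'; '.join(reasons)}")
```

A hit is a prompt to inspect the file, not a verdict; entries such as `C:\WINDOWS\ufa\ufa.exe` pass both rules and still need a human reading of the log.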
I did as you wrote and have now made a new log.
Sorry, that was the report produced after the computer restarted. I'm running a new scan now.
– Added 23.08.2011 (Tue) 15:59 –
Now I have a new log.
This is what it looks like:
I don't see anything in the log (at least I don't); however, it worries me that it didn't find any of the files in the first log you posted. The infection should already be removed, since nothing shows up in the second log.
@kamczatka create a new topic with an OTL log, following the instructions in the topic pinned in the security section.
drobok#
Many thanks for the help. I've almost got the computer sorted; I just need to remove a few more bits of junk and it will be OK.
Thanks a lot once again.
It's great that there are specialists like you. =D>
– Added 23.08.2011 (Tue) 17:03 –
Thanks everyone for your help, my computer is clean now. It took a while today, but it worked. =D>
Use the CleanUp option in OTL.